Security guru finds that only half of servers vulnerable to heartbleed exploit have been patched

Security guru finds that only half of servers vulnerable to heartbleed exploit have been patched

A security guru has scanned all IPv4 public addresses to probe servers for the OpenSSL heartbleed vulnerability. Of the more than 20 million servers found on the Internet supporting SSL on default https port (TCP port 443) there were originally about 600k servers originally found to be vulnerable to heartbleed exploit. A more recent scan found that about half of these servers have been patched, so some 318,239 servers around the globe were still vulnerable at the time of that scan (which was more than a month after the vulnerability was announced). Paranoid security professionals question whether the infamous “missing line of code” (a bounds check) which created this vulnerability was in fact intentional, though the programmer denies this, and its still an open question whether government agencies, such as the NSA, have known about this vulnerability for some time.

One thing to learn from this is that it’s really straightforward to scan/probe computers on the Internet (of course this is no surprise) so everyone with an Internet facing system must be vigilant in applying security patches to firewalls, routers, and servers — this applies to WholesaleBackup servers too! From our standpoint, perhaps the most important lesson to learn from this is to assume that computer and network security is deficient by design and thus your computers and network will be breached, so getting your critical data securely backed up off of your network, using a product such as WholesaleBackup, is a must, else you’ll be cooked when it happens to you!